Largest Directoty of Internet Security Software

Internet Security Threats

Home Software Threats Security
News		  

Trojan.Win32.Pandora.l

RISK LEVEL:2

This Trojan has a malicious payload. The Trojan is a Windows PE EXE file.It is 4,096 bytes in size.

Installation

When launched, the Trojan copies its executable file to the Windows root directory:

%WinDir%\memorium.exe

In order to ensure that the Trojan is launched automatically each time Windowsis restarted, the Trojan registers its executable file in the system registry:

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows]
 "load"="memorium.exe"

The Trojan also adds the following parameter to the wininit.ini configurationfile:

ìemorium=memorium.exe

The Trojan displays the following message:

It then launches the web browser and opens the following link:

http://www.miskatonic.net/pickman/mythos/****/vermiis1.jpg

It terminates the following process:

shutdown.exe –l

This will result in Windows shutting down.

If your computer does not have an up-to-date antivirus, or does not have anantivirus solution at all, follow the instructions below to delete the maliciousprogram:

  1. Use Task Manager to terminate the Trojan process (memorium.exe).
  2. Delete the original Trojan file (the location will depend onhow the program originally penetrated the victim machine).
  3. Delete the copy of the Trojan:
    %WinDir%\memorium.exe
  4. Delete the following system registry key parameter:
    [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows]
     "load"="memorium.exe"
  5. Delete the following string from wininit.ini:
    ìemorium=memorium.exe
  6. Update your antivirus databases and perform a full scan of thecomputer (download a trial version of Kaspersky Anti-Virus).


Printed From:http://www.viruslist.com/en/viruses/encyclopedia?virusid=49063

Similar Virus/Threat >>
  •   Trojan.Win32.Qhost.ix
    • This Trojan is a modified Windows %System%\drivers\etc\hosts file, which isused to translate domain names (DNS) to IP addresses. The modified file is1240 bytes in size. The file is modified in...
  •   Trojan.Win32.StartPage.adi
    • This Trojan has a malicious payload. It is a Windows PE EXE file. It is4 265 bytes in size. It is packed using FSG. The unpacked file is approximately28KB in size. It is written in...
  •   Trojan.Win32.Small.dl
    • This Trojan has a malicious payload. It is a Windows PE EXE file. It is24 576 bytes in size. It is written in C++.InstallationWhen launched, the Trojan copies its executable file to the Windows...


  • Window Washer
    		•
  • symantec PCanywhere 12.0
    		•
  • Kaspersky Anti-Hacker
    		•
  • iSpyNOW
    		•
  • Diet Kaza
    		•

    Acronis Privacy Expert Suite 8.0
    (31,781KB - $29.99)
    AIM Spy Monitor 2007
    (3,145KB - $39.99)
    BlazingTools Secure Office
    (1,301KB - $54.95)
    Yahoo! Messenger Spy Monitor 2007
    (4,034KB - $39.99)
    Encrypt my Folder
    (1,530KB - $24.95)

    Cookie Cleaner   |    History Eraser   |    Popup Killer   |   Firewall   |   Antivirus   |   Security Encryption   |   UnInstaller   |   Security News
    eTrust Pestpatrol Anti-Spyware   PestPatrol 5   Ad-Aware SE Removal   Ad-Aware SE   Ad-Watch   SpyFighter Cleaner Pro   Free Adware Remover   Spy Sweeper  Webroot Spy Sweeper 
    Copyright © 2002-2007 Internet Security Software.All rights reserved.
    Directory of Internet Security Software - Cookie & Cache Cleaner, History & Evidence Eraser, Popup Killer, Firewall